CVE-2025-55014

The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP.

CVSS

No CVSS.

References

Link	Resource
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110370
https://lists.debian.org/debian-user/2025/08/msg00076.html
https://packages.debian.org/trixie/stardict
https://packages.debian.org/trixie/stardict-gtk
https://stardict-4.sourceforge.net/index_en.php
https://www.openwall.com/lists/oss-security/2025/08/04/1
https://lwn.net/SubscriberLink/1032732/3334850da49689e1/
https://news.ycombinator.com/item?id=44872313

Configurations

No configuration.

History

13 Aug 2025, 17:15

Type	Values Removed	Values Added
CWE	~~CWE-402~~
References		() https://news.ycombinator.com/item?id=44872313 - () https://lwn.net/SubscriberLink/1032732/3334850da49689e1/ -

04 Aug 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-04 20:15

Updated : 2025-08-13 17:15

NVD link : CVE-2025-55014

Mitre link : CVE-2025-55014

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2025-55014

Attach tags to `CVE-2025-55014`